Protecting the data stored in your database may have been at the
top of your priorities recently, especially with the changes that
were introduced earlier this year with GDPR.

There are a number of ways to protect this data, which until not
so long ago would have meant either using an encrypted filesystem
(e.g. LUKS), or encrypting the data before it is
stored in the database (e.g. AES_ENCRYPT or other abstraction within the
application). A few years ago, the options started to change, as
Alexander Rubin discussed in …

In the last few days, there has been information released about
yet another alleged data leak, placing in
jeopardy “…[the] personal information on hundreds of millions of
American adults, as well as millions of businesses.” In this
case, the “victim” was Exactis, for whom data collection and data
security are core business functions.

Some takeaways from Exactis

Please excuse the pun! In security, we have few chances to
chuckle. In fact, as a Security Architect, I sigh deeply when I
read about this kind of issue. Firstly, it’s preventable.
Secondly, I worry that if an organization like Exactis is not
getting it right, what chance the rest of the world?

As the Wired article notes, the tool https://shodan.io/ can be revealing and is well
worth a look. For example, you …

This is a long overdue blog post
from London’s 44con Cyber Security conference back in September.
A lot of old memories were brought to the front as it were; the
one I’m going to cover in this blog post is: file carving.

So what is file carving? Despite the terminology, it’s not going
to be a full roast dinner, unless you have an appetite for data,
which, as you’re here, I’m assuming you have.

The TL;DR of “what is file carving” is taking a target blob of
data (often a multi GB / TB file) and reducing it into targeted
pieces of data. This could be, for instance, grabbing all the JPEG
images in a packet capture / mysqldump, or pulling that single
table/schema out of a huge mysqldump with --all-databases (if
you’re not using mydumper you really …
